PT-2025-5266 · Coolify · Coolify

Angelej · Published 2025-01-24 · Updated 2025-01-31 · CVE-2025-24025

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Coolify versions prior to 4.0.0-beta.380

Description

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. The tags page allows users to search for tags. If the search does not return any results, the query is reflected in the error modal, leading to cross-site scripting.

Recommendations

For versions prior to 4.0.0-beta.380, update to version 4.0.0-beta.380 to resolve the issue. As a temporary workaround, consider restricting access to the tags page or disabling the search functionality until the update is applied.

Exploit

Fix

Weakness Enumeration

Improper Encoding or Escaping of Output

Related Identifiers

CVE-2025-24025
GHSA-F2GF-JVMH-VQ73

Affected Products

Coolify